Privacy Policy

Your privacy is important to us. This policy explains how SuperGuitarLicks collects, uses, and protects your personal information.

Last Updated: January 2025 | Effective Date: January 1, 2025

Your Data Journey at SuperGuitarLicks

Discover how we collect, process, store, and protect your personal information. This comprehensive diagram shows the complete flow from your first visit to data retention and deletion.

Complete Data Flow Overview

👤 User Visits
superguitarlicks.com

🍪 Cookie Consent
Banner Appears

✅ Accept All
• Essential • Analytics
• Marketing • Third-Party

🔒 Essential Only
• Security • Preferences
• Authentication

⚙️ Custom Settings
User chooses
categories

📊 Data Collection

📈 Analytics Data
Google Analytics
Page views, Sessions

🎯 Marketing Data
Email tracking
Campaign attribution

🔐 Essential Data
Auth tokens
User preferences

🎥 Third-Party Data
Vimeo analytics
Social sharing

📊 Supabase Database
lessons.superguitarlicks.com
🔒 Row Level Security
Encrypted storage, GDPR compliance

🌐 External Services
Vimeo, Social platforms
🏪 Local Storage
Browser consent (365 days)

📧 User Communications
Progress emails
Course updates

📊 Business Analytics
Completion rates
Engagement metrics

🗑️ Data Retention
User can delete account
30-day purge cycle

🌟 User Control

You decide what data we collect through cookie consent choices

🍪 Consent First

Clear consent banner before any non-essential tracking

🔒 Secure Storage

Enterprise-grade security with Supabase and encryption

🗑️ Easy Deletion

Complete data deletion within 30 days when requested

Interactive Data Handling Details

Click on each step below to explore detailed information about our data handling practices.

💡 Click on any step below to expand details

Data Collection

Information you provide when using our services

Data Processing

How we use your information to provide services

Data Storage

Secure storage of your information

Data Sharing

Limited sharing with trusted partners

Your Rights

Control over your personal data

Data Protection Summary

🛡️

End-to-End Encryption

Your data is encrypted in transit and at rest using industry-standard protocols.

🔒

Access Controls

Strict access controls ensure only authorized personnel can access your information.

⚖️

Your Rights

You have full control over your data with rights to access, modify, or delete.

Have questions about how we handle your data?

Contact Our Privacy Team

Policy Information

Effective Date

January 1, 2025

Last Updated

January 2025

Recent Update: We have significantly enhanced our tracking and analytics capabilities. This updated policy provides comprehensive details about Facebook Pixel/CAPI tracking, advanced Google Analytics 4 implementation, and detailed data collection practices.

Information We Collect

Personal Information You Provide

Account Creation

• Full name and email address
• Password (encrypted)
• Profile preferences
• Learning goals and skill level

Payment Information

• Credit/debit card details (via Stripe)
• Billing address
• Payment history
• Subscription preferences

Communication

• Support messages and feedback
• Email preferences
• Survey responses
• Community participation

Learning Data

• Course progress and completion
• Video watch time and engagement
• Quiz scores and assessments
• Bookmarks and favorites

Automatically Collected Information

Technical Data

• IP address and general location
• Device type, OS, and browser
• Screen resolution and device specs
• Language and timezone settings

Usage Analytics

• Pages visited and navigation paths
• Session duration and frequency
• Click patterns and interactions
• Search queries within our platform

Performance Data

• Page load times and errors
• Video buffering and quality
• Feature usage and adoption
• System performance metrics

Advanced Analytics Data

• Facebook Pixel & CAPI tracking
• Google Analytics 4 ecommerce events
• Microsoft Clarity session recordings & heatmaps
• Campaign attribution (UTM parameters)
• Cross-device tracking identifiers
• Purchase behavior and transaction details
• Lead generation and form submissions
• Video engagement and lesson progress
• Session tracking across platforms
• User behavior patterns and frustration signals

Facebook Pixel & Conversions API Tracking

What Facebook Tracking Does

We use Facebook Pixel and Conversions API (CAPI) to track your interactions with our website and optimize our advertising. This allows us to show you relevant ads on Facebook and Instagram, and measure the effectiveness of our marketing campaigns.

Data We Send to Facebook

• Page views and website navigation
• Contact form submissions and newsletter signups
• Product purchases and transaction details
• Items added to cart and browsing behavior
• Hashed email addresses and names (for privacy)
• Device information and IP addresses
• Campaign attribution data (UTM parameters)

Facebook Cookies We Use

• _fbp: Facebook Browser Pixel for tracking visits
• _fbc: Facebook Click ID for campaign attribution
• fb_session_id: Our internal session tracking
• Standard Facebook advertising cookies

These cookies expire after 90 days and help prevent duplicate tracking between browser and server events.

Your Control Over Facebook Tracking

Cookie Preferences

You can disable marketing cookies through our cookie preference center, which will stop new Facebook tracking.

Facebook Settings

Visit Facebook's Ad Preferences to control how Facebook uses your data for advertising across all websites.

Browser Controls

Use browser privacy settings, ad blockers, or private browsing mode to limit tracking capabilities.

Google Analytics 4 & Ecommerce Tracking

Advanced Analytics Implementation

We use Google Analytics 4 (GA4) to understand how you use our website and courses. This helps us improve your learning experience and optimize our educational content.

What GA4 Tracks

• Page views, session duration, and navigation patterns
• Course enrollments and lesson completion rates
• Video engagement (play, pause, completion)
• Purchase events and transaction details
• User demographics and interests (when available)
• Campaign performance and attribution
• Custom conversion goals and user segments

Data Storage & Retention

• Analytics data stored in Google's servers
• Individual user data retained for 14 months
• Aggregated data retained for statistical analysis
• IP addresses are anonymized by default
• Cross-device tracking via Google signals
• Enhanced ecommerce data for business insights

Legal Basis for Processing (GDPR)

Contract Performance

Processing necessary for the performance of our contract with you:

• Account creation and management
• Course delivery and progress tracking
• Payment processing and billing
• Customer support services

Consent

• Marketing communications
• Non-essential cookies
• Newsletter subscriptions
• Personalized recommendations

Legitimate Interest

• Website analytics and improvement
• Fraud prevention and security
• Internal business operations
• Product development

How We Use Your Information

Service Delivery

• Create and manage your account
• Provide guitar lessons and courses
• Process payments and subscriptions
• Track your learning progress
• Deliver customer support
• Send course updates and notifications

Personalization

• Recommend relevant courses and content
• Customize learning experience
• Track progress and achievements
• Provide personalized feedback
• Remember your preferences
• Suggest skill-appropriate content

Improvement & Security

• Analyze usage patterns and trends
• Improve our services and platform
• Develop new features and courses
• Ensure security and prevent fraud
• Monitor system performance
• Comply with legal obligations

Marketing Communications (With Your Consent)

• Send promotional emails about new courses
• Share guitar learning tips and resources
• Announce special offers and discounts
• Provide personalized course recommendations

You can opt out at any time by:

• Clicking unsubscribe in any email
• Updating your account preferences
• Contacting our support team

Microsoft Clarity User Behavior Analytics

Session Recording & Heatmap Analytics

We use Microsoft Clarity to understand how you interact with our website and learning platform. This free service provides session recordings, heatmaps, and user insights to help us improve your experience.

What Clarity Records

• Session recordings (videos of how you use our site)
• Click patterns and mouse movements
• Scroll behavior and page interactions
• Heatmaps showing popular content areas
• Frustration signals (dead clicks, rage clicks)
• Page performance from user perspective
• User journey paths and navigation patterns

Privacy Protections

• Sensitive form fields automatically masked
• Password inputs completely hidden
• Personal information automatically obscured
• Respects "Do Not Track" browser settings
• No personally identifiable information stored
• GDPR and CCPA compliant data handling
• Data stored securely by Microsoft

Why We Use Microsoft Clarity

User Experience Improvements

• Identify usability issues and fix them
• Understand where users get confused
• Optimize lesson navigation and course flow
• Improve mobile and desktop experiences
• Reduce user frustration and abandonment

Platform Optimization

• Enhance checkout and signup processes
• Improve page load speeds and performance
• Optimize content layout and design
• Ensure courses are easy to navigate
• Create better learning experiences

Your Control Over Clarity Tracking

Automatic Protections

• Form inputs are automatically masked
• Credit card and payment info hidden
• Email addresses and personal data obscured
• Sensitive elements excluded from recordings

Opt-Out Options

• Enable "Do Not Track" in your browser
• Contact us to exclude your sessions
• Use private/incognito browsing mode
• Block Clarity via ad blockers

Microsoft Clarity is completely free and helps us provide you with a better learning experience. All data is processed according to Microsoft's strict privacy standards and your information remains secure.

Detailed Cookie Policy

Cookie Categories & Specific Cookies

Essential Cookies

Always Active

Required for basic website functionality, security, and user authentication.

Authentication Cookies

Session tokens, login state, admin access

Security Cookies

CSRF protection, form validation

Analytics Cookies

Optional

Help us understand website usage and improve performance through Google Analytics 4.

Google Analytics 4

_ga, _ga_[MEASUREMENT_ID], _gid

Tracks page views, sessions, events, conversions

Session Tracking

fb_session_id (our internal session ID)

Links your behavior across pages and platforms

Marketing Cookies

Optional

Used for Facebook advertising, campaign tracking, and personalized marketing.

Facebook Pixel

_fbp (browser pixel), _fbc (click ID)

Tracks conversions, builds audiences, optimizes ads

Campaign Attribution

UTM parameters stored in session

Tracks which campaigns drive purchases

Preference Cookies

Optional

Remember your choices and provide enhanced, personalized features.

Cookie Consent

sgl-cookie-consent

Remembers your cookie preferences

User Preferences

Theme settings, language, display options

Enhances your user experience

Cookie Expiration & Management

Session Cookies

Expire when you close your browser. Used for temporary functionality.

Persistent Cookies

Remain for 30-90 days for analytics and marketing. You can delete them anytime.

Your Control

Manage preferences via our cookie banner or your browser settings.

Data Retention Policy

Retention Periods

Account Data

Active accounts: Retained for as long as your account is active

Deleted accounts: Removed within 30 days of deletion request

Learning Progress

Course progress: Maintained throughout account lifetime

After deletion: Permanently removed with account

Financial Records

Payment history: 7 years for tax and legal compliance

Billing data: 3 years after last transaction

Analytics Data

Google Analytics 4: 14 months for individual data, indefinite for aggregated

Facebook tracking: 90 days for cookies, 180 days for CAPI events

Personal analytics: 2 years after account closure

Complete Data Deletion

When you request account deletion, we will:

🗑️

Delete account data within 7 days

🔄

Remove from all systems within 30 days

📦

Delete backups within 90 days

Children's Privacy (COPPA Compliance)

Age Requirements

Minimum age to create an account

Minimum age for marketing consent (EU)

Full legal capacity for all services

Parental Consent

• Ages 13-15: Parental consent required in some jurisdictions
• Parents can request access to their child's information
• Parents can request deletion of their child's account
• We do not knowingly collect data from children under 13
• If we discover data from children under 13, we delete it immediately

For parents: If you believe your child under 13 has provided personal information to us, please contact us immediately at support@superguitarlicks.comand we will take steps to delete such information.

Data Sharing and Third-Party Services

We Do NOT Sell Your Data

We do not sell, rent, or lease your personal information to third parties for marketing purposes. We only share your information in the limited circumstances described below.

Trusted Service Providers

Payment Processing

Stripe Inc. - Payment and billing services

Data shared: Payment details, billing address, transaction history

Database & Hosting

Supabase Inc. - Database and authentication services

Data shared: Account data, learning progress, preferences

Video Services

Vimeo Inc. - Video hosting and analytics

Data shared: Video viewing data, engagement metrics

Google Analytics 4

Google LLC - Advanced analytics and ecommerce tracking

Data shared: Page views, events, purchases, user behavior, demographic insights

Facebook Inc. (Meta)

Facebook Pixel & CAPI - Advertising optimization and conversion tracking

Data shared: Page views, purchases, leads, hashed user data, device information

Email Services

Resend - Email delivery and communications

Data shared: Email addresses, engagement metrics (with consent)

Legal Requirements

When required by law, court order, subpoena, or to protect our rights and the safety of our users. We will notify you unless legally prohibited.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of business assets. You will be notified of any change in ownership or control.

With Your Consent

Any other sharing of your personal information will only occur with your explicit consent, which you can withdraw at any time.

Your Privacy Rights

Access & Portability

Request access to your personal data and receive a copy in a portable format

Correction

Update or correct inaccurate personal information we have about you

Deletion

Request deletion of your personal data (subject to legal requirements)

Opt-Out

Withdraw consent for marketing communications and non-essential processing

Restriction

Limit how we process your personal information in certain circumstances

Objection

Object to processing based on legitimate interests or direct marketing

To exercise your rights, contact us at:

Contact Privacy Team

Data Security

We implement industry-standard security measures to protect your personal information:

🔒

Encryption

SSL/TLS encryption for data in transit and AES encryption for data at rest

🛡️

Access Controls

Multi-factor authentication and role-based access for all systems

📊

Monitoring

24/7 security monitoring and regular security audits and penetration testing

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

EU Standard Contractual Clauses for transfers to third countries
Adequacy decisions where applicable
Binding Corporate Rules for intra-group transfers
Certification schemes and codes of conduct

Changes to This Privacy Policy

How We Handle Updates

Minor Changes

• Updates to contact information
• Clarifications of existing practices
• Additional security measures
• Posted with updated "Last Modified" date

Material Changes

• Changes to data collection practices
• New ways of using your information
• Changes to data sharing practices
• 30-day advance notice via email

Your Options When We Update This Policy

✅

Continue using our services (acceptance)

⚙️

Update your privacy preferences

🚪

Close your account before changes take effect

Complaints and Supervisory Authority

File a Complaint

If you have concerns about how we handle your personal data, you have the right to file a complaint with:

Contact Us First

We encourage you to contact us directly so we can address your concerns:

• Email: support@superguitarlicks.com
• Response time: Within 24 hours
• Resolution goal: Within 30 days

Supervisory Authority

You can also file complaints with data protection authorities:

• EU: Your local Data Protection Authority
• UK: Information Commissioner's Office (ICO)
• California: California Privacy Protection Agency

Important Notice

Filing a complaint with a supervisory authority does not affect your right to seek judicial remedy. We are committed to working with supervisory authorities to resolve any complaints and will cooperate fully with any investigations.

Contact Us

Privacy Questions

Email: support@superguitarlicks.com

Response Time: Within 72 hours

Data Protection Officer

Email: support@superguitarlicks.com

Response Time: Within 24 hours

We Value Your Privacy

Your trust is important to us. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.

This privacy policy is designed to help you understand your rights and make informed decisions about sharing your personal information with SuperGuitarLicks.

This privacy policy is effective as of January 1, 2025.